rolle für borgbackup

common/borgbackup/tasks/main.yml

+---
+# Pakete installieren
+- name: pakete installieren
+  apt:
+    pkg: "{{ item }}"
+    update_cache: yes
+    state: installed
+  with_items:
+    - borgbackup
+    - logrotate
+    - moreutils
+
+- name: get secrets from server 1
+  slurp: src={{ item }}
+  with_items:
+    - /srv/borgbackup/repo_passphrase 
+    - /srv/borgbackup/repo_url 
+  register: borgbackup_secrets
+
+- name: get secrets from server 2
+  set_fact: 
+    repo_passphrase: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_passphrase') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    repo_url: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_url') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+
+
+# BorgBackup Scripte erstellen 
+
+- name: BorgBackup Script erstellen 
+  template: src={{ item }} dest=/opt/{{ item }} mode=o+x
+  with_items:
+    - "borgbackup-check.sh"
+    - "borgbackup-create.sh"
+    - "borgbackup-delete.sh"
+    - "borgbackup-info.sh"
+    - "borgbackup-init.sh"
+    - "borgbackup-list.sh"
+    - "borgbackup-mount.sh"
+
+- name: BorgBackup log folder erstellen 
+  file: 
+    path: "/var/log/borgbackup"
+    state: "directory"
+
+- name: BorgBackup LogRotate config erstellen 
+  template: src=logrotate dest=/etc/logrotate.d/borgbackup
+
+- name: Cronjob für BorgBackup
+  cron: name="borgbackup" weekday="{{borgbackup_weekday}}" hour="{{borgbackup_hour}}" minute="{{borgbackup_minute}}" job="/opt/borgbackup-create.sh 2>&1 | ts '[%Y-%m-%d %H:%M:%S]' >> /var/log/borgbackup/borgbackup.log"
\ No newline at end of file

common/borgbackup/templates/borgbackup-check.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Überprüfung des Archives 
+borg check $1 $2 $3 --info --show-rc {{repo_url}}

common/borgbackup/templates/borgbackup-create.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Ausführung des Backups
+# anschließend Bereinigung 
+# abschließend Integritätscheck 
+
+borg create $1 $2 $3 --info --show-rc --stats --compression lzma,2 {{repo_url}}::`date +%Y-%m-%d_%H_%M` \
+{% for directory in borgbackup_directories %}
+{{ directory }} \
+{% endfor %}
+&& \
+borg prune $1 $2 $3 --info --show-rc --list {{repo_url}} \
+{% for prune in borgbackup_prune %}
+{{ prune }} \
+{% endfor %}
+&& \
+borg check $1 $2 $3 --info --show-rc {{repo_url}}

common/borgbackup/templates/borgbackup-delete.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Löschen eines Backups
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg delete $1 $2 $3 --info --show-rc {{repo_url}}::$target

common/borgbackup/templates/borgbackup-info.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+#  Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg info $1 $2 $3 --info --show-rc {{repo_url}}::$target

common/borgbackup/templates/borgbackup-init.sh

+#!/bin/bash
+
+# Initialisierung des Borg Backup Archives
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+borg init $1 $2 $3 --info --show-rc --encryption=repokey {{repo_url}} 

common/borgbackup/templates/borgbackup-list.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}} 

common/borgbackup/templates/borgbackup-mount.sh

+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Einhängen eines Backups nach /mnt/
+
+echo -n 'Mounting to: /mnt/borbbackupmount'
+borg mount $1 $2 $3 --info --show-rc {{repo_url}} /mnt/borbbackupmount

common/borgbackup/templates/logrotate

+/var/log/borgbackup/borgbackup.log {
+  rotate 12
+  monthly
+  compress
+  missingok
+  notifempty
+}

host_vars/webserver

@@ -12,6 +12,20 @@ debian_sources:
   - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie-updates main contrib non-free"
   - "deb http://apt.dockerproject.org/repo debian-jessie main"
 
+borgbackup_weekday: "*"
+borgbackup_hour: "4"
+borgbackup_minute: "0"
+
+borgbackup_directories:
+  - "/etc/"
+  - "/srv/"
+
+borgbackup_prune:
+  - "--keep-within=2d"
+  - "--keep-daily=7"
+  - "--keep-weekly=4"
+  - "--keep-monthly=6"
+
 letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
 
 letsencrypt_mail: verwaltung@warpzone.ms

webserver/main.yml

@@ -3,6 +3,7 @@
 - hosts: webserver
   remote_user: root
   roles:
+    - { role: ../common/borgbackup, tags: borgbackup }
     - { role: nginx, tags: nginx }
     - { role: openvpn, tags: openvpn }
     - { role: docker, tags: docker }